1. Field of the Invention
The present invention relates to a broadcast receiving apparatus and a broadcast receiving method for receiving a digital broadcast signal and recording/reproducing the received broadcast content.
2. Description of the Related Art
Measures for copyright protection are sometimes taken in digital broadcasting. For example, a system for transmitting scrambled content and allowing only viewing-contract-based valid broadcast receiving apparatuses to descramble the scrambled content is employed in digital broadcasting. In Japan, a conditional access system (CAS) that uses an integrated circuit (IC) card is adopted.
Identification of valid broadcast receiving apparatuses, secure encryption and transmission of content, and successful descrambling processing of the valid broadcast receiving apparatuses are important in the conditional access system. Here, the valid broadcast receiving apparatuses indicate apparatuses that are authorized to have a copyright protection function and have a valid viewing contract. In the case of paid broadcasting, the valid broadcast receiving apparatuses have to be successfully charged for viewing.
An IC card stores an ID number unique to the IC card and master key information for use in descrambling of content. Valid broadcast receiving apparatuses are identified using the information stored in the card. Content is encrypted with three keys, which include the master key information.
On the other hand, a new conditional access system that does not use an IC card is additionally standardized. Hereinafter, this new standard is referred to as a rights management and protection (RMP) system. Digital terrestrial broadcast receiving apparatuses and mobile broadcast receiving terminals may be designed in accordance with the RMP system.
A specific method of the RMP system is as described below. An entitlement management message (EMM) containing encrypted master key information is transmitted over a broadcast wave instead of storing the master key information in an IC card. The EMM is data contained in a payload of a transport stream (TS) packet and carries device key information and work key information for each model of broadcast receiving apparatuses. The broadcast receiving apparatuses extract key information (device key) corresponding to an ID of each model from the EMM. The device key information contained in the EMM is encrypted. A device key is generated using a specific device key generation procedure. The device key generation procedure indicates, for example, software for executing an algorithm to generate a device key or hardware for executing predetermined processing to generate a device key.
Content is encrypted with three keys. A device key, a work key, and a scramble key are used to descramble the encrypted content. The work key is encrypted with the device key and is contained in the EMM. The scramble key is encrypted with the work key, contained in an entitlement control message (ECM), and transmitted over a broadcast wave. Like the EMM, the ECM is data contained in a payload of a transport stream (TS) packet and carries scramble key information and program information commonly used by all broadcast receiving apparatuses. In this manner, valid broadcast receiving apparatuses sequentially decrypt encrypted key information based on the device key, thereby realizing viewing of the content.
When leaked device key information is misused to violate copyright protection, a measure for updating key information contained in an EMM and transmitting the updated key information is taken. This measure is referred to as revoke. Since the revoke prevents the leaked device key information from being misused, content is securely transmitted thereafter. However, when a device key generation procedure leaks, an updated device key can be generated in accordance with the leaked device key generation procedure even if key information contained in the EMM is updated. In such a case, the EMM is updated so that none of revoke-target broadcast receiving apparatuses can generate a key using the leaked device key generation procedure.
Once the EMM is updated, the revoke-target broadcast receiving apparatuses cannot realize viewing of broadcast content thereafter. To permit viewing of the broadcast content again, the device key generation procedure is updated to more-secure hard-to-leak one. For example, a method for updating key generation software included in a broadcast receiving apparatus is employed (see, for example, Japanese Patent Laid-Open No. 2006-129244). Since invalid broadcast receiving apparatuses cannot update the key generation procedure, following content can be securely transmitted.
On the other hand, apparatuses for storing a digital broadcast program in a storage device, such as a hard disk, and realizing repeated viewing of the program are also put to practical use. Digital broadcasting employs a moving picture experts group (MPEG) 2 system and uses a transport stream (hereinafter, referred to as “TS”). Streams of video, audio, data for data broadcasting, transmission control information, and reception control information are dividedly contained in each of TS packets and are transmitted according to time-division multiplexing. If the apparatuses store the received TS data on a recording medium as it is, the apparatuses can store the TS data without deteriorating the image quality.
When the TS data is stored as scrambled TS data, the data has a copyright protection function equivalent to that of a broadcast wave. Even if the TS data cannot be descrambled due to lack of key information stored in an IC card or the like, the scrambled TS data can be stored as it is. Hereinafter, it is assumed that recorded TS data indicates recorded data that has not undergone descrambling.
As in the case of viewing of a broadcast wave, recorded TS data is descrambled at the time of reproduction and viewing of a recorded broadcast program. At this time, a device key, a work key, and a scramble key extracted from an EMM and an ECM of the recorded TS data are decrypted to perform descrambling.
Once a device key generation procedure is updated in response to discovery of an invalid broadcast receiving apparatus in the RMP system, viewing of content that has been recorded as recorded TS data is no longer available.
This is because a device key generated from an EMM of the recorded TS data has been already revoked. More specifically, even valid viewers not invalidly violating a copyright protection function can no longer view the TS-format content recorded before the revoke.